CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-9276

Known Exploited (CISA KEV)HIGH
7.2
CVSS Severity Score
EPSS Score89.0590%
EPSS Percentile96.43th
Published2018年7月2日
Last Modified2025年11月6日

Vulnerability Description

An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.

Affected Platforms (CPE)

📦
Paessler

Prtg Network Monitor

< 18.2.39
📦
Paessler

Prtg Network Monitor

> 19.3.52 and < 21.2.68

References & Advisories

🔗 http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html
🔗 http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html
🔗 http://www.securityfocus.com/archive/1/542103/100/0/threaded
🔗 https://www.exploit-db.com/exploits/46527/
🔗 http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html
🔗 http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html
🔗 http://www.securityfocus.com/archive/1/542103/100/0/threaded
🔗 https://www.exploit-db.com/exploits/46527/

関連する脆弱性情報

CVE-2020-103749.8

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via...

CVE-2018-194109.8

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (inclu...

CVE-2018-192048.8

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary ...

CVE-2018-194118.8

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-...